I everybody,
I recently installed graylog.
Until now everyting is ok except for one stuff:
Messages from old cisco switchs 3500XL series it cannot get the IP.
With tcpdump i can verify that the message arrivers correctly:
But in the graylog gui i get someting like:
Can someone help me?
Hello && welcome @miguel
I would like to help, Please provide more information and configuration about your setup.
INPUTs used , Extractors used, Pipelines, etc… this will help us, help you.
Install was made follwing the documentation.
No INPUTs configured and no exctrators used.
The pipelines i use is only to drop useless messages like ports up/down and PoE messages.
I configured two streams one for syslog messages from aruba switchs and other for cisco switchs, only to separate the syslog messages by manufacturer.
Inputs are required to receive the information the Cisco switches are sending you. The Input should generally match the type of data sent (i.e. Syslog, GELF, etc) … the port number should match as well…
Thank you all.
I found the source of the problem.
This only happens with older switches (cisco 2950, 2900XL, 3500XL, etc).
If you enable service sequence-numbers the switch inserts two sequence numbers instead of just one. if you disable the command service sequence-numbers (no service sequence-numbers) the problem disappears.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
